General
-
Target
file.exe
-
Size
1.8MB
-
Sample
230122-c1ad3sgg2t
-
MD5
800564a52d3834a9353b51b0fb4b5e96
-
SHA1
729830eb7053a06017062274a9b3deffa4314d41
-
SHA256
a355fbce3b91a02a5b3e3af9a2b7b6fbaf9da6fdd5b2260e8e7c7b8ec1c1e2d2
-
SHA512
bb47b1e7a92270f382aa2a2106b5d97d486ab2bed69aebcab5bb1582d467b3ccee9f0893261c067197eb5b5397bb0c5acef1a88f9845a1106f3a642c1275b9a7
-
SSDEEP
24576:96oZfKa9OEJ4J56LXaVBf8qFQ4HqiIYV+MfpU2tFD3c1eGDGVqk8ZVjrSOP+U:96opKa9zdLXaVBf5dqir23DGckLO2U
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
file.exe
-
Size
1.8MB
-
MD5
800564a52d3834a9353b51b0fb4b5e96
-
SHA1
729830eb7053a06017062274a9b3deffa4314d41
-
SHA256
a355fbce3b91a02a5b3e3af9a2b7b6fbaf9da6fdd5b2260e8e7c7b8ec1c1e2d2
-
SHA512
bb47b1e7a92270f382aa2a2106b5d97d486ab2bed69aebcab5bb1582d467b3ccee9f0893261c067197eb5b5397bb0c5acef1a88f9845a1106f3a642c1275b9a7
-
SSDEEP
24576:96oZfKa9OEJ4J56LXaVBf8qFQ4HqiIYV+MfpU2tFD3c1eGDGVqk8ZVjrSOP+U:96opKa9zdLXaVBf5dqir23DGckLO2U
Score10/10-
Detect rhadamanthys stealer shellcode
-
Detects LgoogLoader payload
-
LgoogLoader
A downloader capable of dropping and executing other malware families.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-